Without CF, many websites would not stay on-line during an attack. And they would cease to exist because many of those places would never be able to afford DDoS protection. I know so many sites, including ones I run, that I would not be able to keep on the public internet without CF DDoS protection. There really is no real competition in this space.
I think we need to consider the fact that while this outage does take a lot of sites off-line at once, it is temporary, and it is still extremely rare. And the alternative is potentially that many websites would cease to exist at all, period, without something like Cloudflare existing.
It does not. "There has to be" ends in "!" and is an expression is a wish.
> Who is going to pay for this?
All of us. Everyone. I keep circling back to the idea that we should all join a protection ring, so we'd all share "cost" on this.
> How do you ensure latency is not atrocious?
> Why hasn't someone made this already?
First one is very technical, and the answer is most probably by localisation and by only actually turning it on when needed.
For the second: because it's a very hard technical problem and there is basically no money in it. Business value maybe, but it would need people and companies to collaborate, it would probably need committee level decisions, and so far, nobody wanted to deal with this.
Or at least that's my theory.
Maybe dat:// will eventually become a viable option, and with that, due to the distributed nature, this kind of DDOS protection is sort of built in.